IBM QRadar Cyber Defence and SOC Simulation Training

The Basic Idea

In this unique training concept, typical IT attacks are simulated in “real” corporate networks.

The goal of the IBM QRadar Cyber Defence and SOC Simulation Training is to create a deep understanding of how attacks on corporate networks work, using the Gartner-leading SIEM, IBM QRadar:

Understand the underlying technical principles of common attacks

Learn how to “think like an attacker” in regard to corporate network security

Understand the limits of common security products, such as antivirus solutions

Prioritise hardening measures correctly

Target Audience

The IBM QRadar Cyber Defence and SOC Simulation Training is suitable for the following groups:

System and Network Administrators

Operations Engineers

IT Security Managers and non-technical IT Security Consultants who want to broaden their technical understanding

IT Forensic staff and Security Operations Centre (SOC) staff who are just starting out in the field

Prerequisites

SIEM knowledge or hacking experience is not required. However, participants should have an affinity for the subject of IT security. The required fundamentals are explained in detail at the beginning of each exercise.

In this knowledge transfer, you learn how to navigate QRadar SIEM to detect anomalies and unusual behaviour. Using the skills taught in this course, you can identify and investigate threats and attacks, with hands-on exercises to reinforce the skills learned.

You will also learn how to create a Universal DSM and how to create event, flow and anomaly rules. You will analyse the offenses created by rules and, if necessary, fine-tune them.

This basic course is for:

Security Analysts

Network Administrators

System Administrators

Day One – Introduction and basic attacks, bespoke ransomware demo

1. Introduction

Overall infrastructure introduction

Advanced tool introduction

Exploit net API

Exploit vsftpd

Lunch break

2. Reconnaissance

High noise scans

Low noise scans

Limitations of security tools (optional, but worthwhile if placed correctly)

IBM QRadar CyberKombat Training Course

How can you be a pilot if you don’t try to fly – How can you be a SOC Analyst if you never handle offenses?
At last, a real IBM QRadar SIEM training course!

Powered by CyberKombat, a brand new experience designed to replicate serious cyber attacks on an organisation, giving real-life SOC teams the opportunity to test their abilities and gain a wealth of new skills in the process.

During the labs, attendees are constantly monitored and prompted if they require assistance, and Nano-Learning is used to provide succinct refresher learning as required. All attacks and defences are documented for reference and future re-use.